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REMARKS 

The filing of this paper on Monday, January 9, 2006 without payment of a 
government extension fee under 37 C.F.R. § 1.17(a) is proper pursuant to 37 C.F.R. § 1.7 since 
January 7, 2006 falls on a Saturday. 

Claims 1-23, all of the pending claims, stand rejected under 35 U.S.C. § 103(a) 
for obviousness fi-om the teachings of U.S. Patent No. 5,950,195 to Stockv^ell et al.^ 
Reconsideration is requested. 

In independent claim 1, each step requires the use of the same client computer. 

In contrast, the Stockwell et al. patent discloses that an Access Control List (ACL) 
is managed by an acid deamon (acid 60) ruiming in the kernel of a firewall 10/30 (see column 5, 
lines 36-37), which is used to regulate the flow of Internet connections from an internal network 
26 to an external network 22 (see column 4, lines 29-31). The Stockwell et al. patent discloses, 
teaches and suggests that its firewall 10/30 is utilized to facilitate conraiunication between 
xmdisclosed computers connected to the firewall via internal network 26 and external network 22. 
What is clear in the Stockwell et al. patent, however, is that the firewall 10/30 is not a client 
computer in the same sense as the client computer of the present invention configured for use by 
an end user. 

Assuming arguendo, the firewall disclosed in the Stockwell et al. patent is 
analogous to the client computer of claim 1, the Stockwell et al. patent does not disclose, teach or 
suggest a method having all the limitations of claim 1. Specifically, step (d) of claim 1 recites 
that the client computer receives an access configuration including a control setting for at least 
one communication protocol via a (second) communication session. In contrast, the Stockwell 
et al. patent discloses, teaches and suggests that acid 60 (synonymous to the access configuration 



' In section 2 of the Detailed Action, claims 1-23 were rejected for obviousness from the teachings of U.S. Patent 
Publication No. US 2002/0169961 Al to Stockwell et al. However, this publication is to Giles et al. In a 
telephone conversation on January 3, 2006, the Examiner confirmed that she had intended to reject the claims over 
U.S. Patent No. 5,950, 1 95 to Stockwell et al. 
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of the present invention) always resides at the firewall (see column 7, lines 10-20). Specifically, 
to make an ACL check, an agent, such as proxy 50, server 52, login 54 or network access server 
56 shown in Fig. 3, collects information about the nature of a connection, such as source and 
destination IP addresses. The agent places this information into a query list that contains all of 
the relevant information needed to make the ACL check. The agent then submits the query list 
to acid 60 and acid 60 searches for a rule that matches the query list and retums a reply list. 
This reply list includes either "allow" or "deny" to indicate if the connection should be accepted 
or rejected. Other values in the reply list are side effects that change the behavior of the agent. 

As can be seen, the access configuration upon which a decision is made whether 
to allow or deny access resides in acid 60. No agent contains information upon which to base a 
decision whether to allow or deny access. Rather, only the "allow" or "deny" indicator is 
provided to the agent by acid 60. In other words, the Stockwell et al. patent discloses, teaches 
and suggests that the ACL rules reside permanently in acid 60. Accordingly, the Stockwell et al. 
patent cannot disclose, teach or suggest the limitations of claim 1, step (d), namely, that an access 
configuration including a control setting for at least one communication protocol is received at 
the client computer via a (second) communication session. 

Moreover, the Stockwell et al. patent does not disclose the limitations of claim 1, 
step (f), namely, controlling the conveyance of data to or from a process that initiates a third 
communication session at a third network address based on the control settings included in the 
access configuration received at the computer via the second communication session. The 
differences between the present invention and the teachings of the Stockwell et al. patent in this 
regard are relatively straightforward. In the present invention, the client computer can attempt 
to access a specific IP address. Rules for this access attempt are checked at the client computer 
and a decision is made thereat whether to allow or deny access. No Internet traffic need 
traverse a firewall that may or may not be accessible to the client computer in order to make this 
decision. In contrast, in the Stockwell et al. patent, the same client computer would attempt a 
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communication with a specific IP address through the disclosed firewall 10/30, which would 
determine whether to allow or deny access. Thus, as can be seen, the Stockwell et al. patent 
discloses a system wherein the decision to deny or allow access is made at a completely different 
location than the method claimed in claim 1. 

Moreover, the Stockwell et al. patent does not disclose, teach or suggest a client 
computer utilizing multiple communication sessions, each of which is at a different network 
address. Rather, the Stockwell et al. patent discloses, teaches and suggests communications 
between intemal processes of a firewall - not between different network addresses. 

On page 4 of the Office Action, the Examiner admits that the Stockwell et al. 
patent "does not specifically enumerate a first, second and third communication session at a 
respective network address." The Examiner goes onto allege, however, that it would have been 
obvious to one of ordinary skill in the art at the time of the invention to use any number of 
multiple servers to perform a task - "In other words, within a network system comprising 
multiple servers and multiple layers of access control, Stockwell teaches secured access 
throughout the network as implemented on muhiple machines wherein it would have been 
obvious to create muhiple communication sessions for added security and improved performance 
purposes." 

It is well established patent law that in order to establish a prima facie case of 
obviousness, three basic criteria must be met. First, there must be some suggestion or 
motivation, either in the references themselves or in the knowledge generally available to one of 
ordinary skill in the art, to modify the reference or to combine reference teachings. Second, 
there must be a reasonable expectation of success. Finally, the prior art reference (or references 
when combined) must teach or suggest all of the claim limitations. The teaching or suggestion 
to make the claimed combination and the reasonable expectation of success must both be found 
in the prior art and not based on Applicant's disclosure. In re Vaeck, 947 F.2d 488, 20 USPQ2d 
1438 (Fed. Cir. 1991). 
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As discussed above, the Stockwell et al. patent discloses, teaches and suggests 
communications between intemal processes of a firewall - not between different network 
addresses. Accordingly, if anything, the Stockwell et al. patent teaches away from a single 
client computer utilizing first, second and third communication sessions at first, second and third 
network addresses in the manner disclosed in claim 1. Hence, the Stockwell et al, patent does 
not meet the first prong of the above test. 

Moreover, it is respectfully submitted that the Examiner's allegation on page 4 of 
the Office Action fails to meet the final prong of the test, namely, that the prior art reference 
teaches and suggests all of the claim limitations. Assuming arguendo that in view of the 
Stockwell et al. patent, one skilled in the art would have used any number of multiple servers to 
perform authentication, access control or information acquisition (as alleged by the Examiner), 
the Examiner has not explained why one skilled in the art would have chosen the specific method 
claimed in claim 1 of the present application to perform this task. Indeed, the Examiner has not 
explained why one skilled in the art would use three communication sessions versus any number 
of communication sessions other than three. Accordingly, it is respectfully submitted that the 
Examiner has used impermissible hindsight to reject claim 1 . 

While not set forth in claim 1, the first communication session is utilized to 
initially establish an IP connection between each client computer 1 and server computer 2 for the 
purpose of downloading to client computer 1 a second network address, which is utilized to pass 
the access configuration to client computer 1. The use of a single network address (the first 
network address) by each remotely located client computer 1 enables each client computer 1 to 
receive a unique second network address, which is utilized to pass the corresponding access 
configuration to the client computer 1. The use of a common first network address by each 
client computer 1 enables client computers which may be mobile to receive their access 
configuration fi'om server computer 2 without regard to how the client computer is connected to 
the Internet, e.g., without the use of a firewall. Once the client computer has received its access 
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configuration from server computer 2, the client computer, if authorized by the access 
configuration downloaded hereto, can initiate a process which initiates the third communication 
session, wherein the conveyance of data to and from the process is controlled based on a control 
setting included in the access configuration received via the second communication session. If 
desired, data being conveyed to and/or from the client computer via the third communication 
session can be conveyed via the second communication session to server computer 2 or 5 (claim 
10), which can create an appropriate log of the conveyed data. 

For the foregoing reasons, it is respectfully submitted that the Stockwell et al. 
patent does not disclose, teach or suggest all of the limitations of claim 1 . Absent disclosing, 
teaching or suggesting a method having all of the limitations of claim 1, the Stockwell et al. 
patent cannot render obvious claim 1 of the present application, or claims 2-12 dependent 
therefrom. 

Regarding independent claims 13 and 22, for the reasons discussed above in 
connection with claim 1, the Stockwell et al. patent cannot render obvious claims 13 and 22 of 
the present application, or claims 14-21 and 23 dependent therefrom. 

In rejecting claim 7, which depends from and further limits claim 1, the Examiner 
alleges that it would have been obvious to terminate communication sessions as new ones are 
created for reservation of bandwidth. As noted above in cormection with claim 1, however, the 
Stockwell et al. patent discloses, teaches and suggests inter process communications occurring 
within a firewall, not between different communication sessions at different network addresses. 

Absent disclosing, teaching or suggesting a method having the combination of 
limitations of claims 1 and 7, the Stockwell et al. patent carmot render obvious claim 7 of the 
present application. 

For the reasons discussed above in connection with claim 7, the Stockwell et al. 
patent cannot render obvious claim 15 of the present application. 
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In rejecting claim 10, which depends from and further limits claims 9 and 1, the 
Examiner alleges that the Stockweli et al. patent "further teaches including the step of 
transferring at least part of the conveyed data to the [second] network address via the [second] 
communication session." As noted above in cormection with claim 1 , however, the Stockweli 
et al. patent discloses, teaches and suggests inter process communications occurring within a 
firewall, not between different communication sessions at different network addresses. 

As can be seen, the present invention provides for an access configuration for a 
client computer to be downloaded to the client computer where decisions regarding access to a 
network address is made at the client computer instead of remotely. A benefit of the present 
invention is that it avoids the need to route communications from client computers that may be 
mobile through a dedicated system, such as the firewall disclosed in the Stockweli et al. patent, 
to determine whether the client computer is allowed or denied access to a particular network 
address. The present invention is also the use of two communication sessions to transmit an 
access configuration to a client computer and the use of a third communication session by the 
client computer, wherein the conveyance of data to or from a process instantiated on the client 
computer is controlled based on a control setting included in the access configuration transmitted 
to the client computer during the second communication session. Importantly, all of the 
communication sessions are with different network addresses - not between intemal processes 
running on a system, such as the firewall disclosed in the Stockweli et al. patent. Moreover, the 
second communication session can also be utilized by the client computer for transferring data 
being conveyed via the third communication session to the network address utilized by the 
second communication session, thereby enabling a record of the conveyed data to be stored 
remotely of the client computer. 
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CONCLUSION 

Based on the foregoing remarks, reconsideration of the rejection and allowance of 
claims 1-23 are requested. 



Respectfully submitted, 



THE WEBB LAW FIRM 




Registration No. 22,132 
Attorney for Applicants 
700 Koppers Building 
436 Seventh Avenue 
Pittsburgh, PA 15219-1845 
Telephone: 412-471-8815 
Facsimile: 412-471-4094 
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